Support User Manuals

Cisco Systems OL-16647-01 Network Router User Manual

Open as PDF

of 1230

38-83

Cisco ASDM User Guide

OL-16647-01

Chapter 38 Clientless SSL VPN

AnyConnect Customization

Using Macros 1 - 4

The security appliance obtains values for the first four substitutions from the SSL VPN Login page,

which includes fields for username, password, internal password (optional), and group. It recognizes

these strings in user requests, and replaces them with the value specific to the user before it passes the

request on to a remote server.

For example, if a URL list contains the link,

http://someserver/homepage/CSCO_WEBVPN_USERNAME.html, the security appliance translates it

to the following unique links:

• For USER1 the link becomes http://someserver/homepage/USER1.html

• For USER2 the link is http://someserver/homepage/USER2.html

In the following case, cifs://server/users/CSCO_WEBVPN_USERNAME, lets the security appliance

map a file drive to specific users:

• For USER1 the link becomes cifs://server/users/USER1

• For USER1 the link is cifs://server/users/USER2

Using Macros 5 and 6

Values for macros 5 and 6 are RADIUS or LDAP vendor-specific attributes (VSAs). These substitutions

let you set substitutions configured on either a RADIUS or an LDAP server.

Example 1: Setting a Homepage

The following example sets a URL for the homepage:

• WebVPN-Macro-Value1 (ID=223), type string, is returned as wwwin-portal.abc.com

• WebVPN-Macro-Value2 (ID=224), type string, returned as 401k.com

To set a home page value, you would configure the macro as

https://CSCO_WEBVPN_MACRO1, which would translate to https://wwwin-portal.abc.com.

The best way to do this is to configure the Homepage URL parameter in ASDM.

Go to the Add/Edit Group Policy pane, from either the Network Client SSL VPN or Clientless SSL VPN

Access section of ASDM, as in Figure 38-1. The paths are as follows:

• Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add/Edit

Group Policy > Advanced > SSL VPN Client > Customization > Homepage URL attribute.

• Configuration > Remote Access VPN > Clientless SSL VPN Access > Group Policies > Add/Edit

Group Policy > More Options > Customization > Homepage URL attribute.

4 CSCO_WEBVPN_CONNECTION_PROFILE SSL VPN user login group drop-down, a group alias within the

connection profile

5 CSCO_WEBVPN_MACRO1 Set via RADIUS/LDAP vendor-specific attribute

6 CSCO_WEBVPN_MACRO2 Set via RADIUS/LDAP vendor-specific attribute

No. Macro Substitution Definition

previous next